The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) in the United States have published “Cybersecurity Guidance: Chinese-made drones for infrastructure needs.” The goal of the release is to raise awareness of the risks associated with Chinese drones and to provide critical infrastructure and state, local, tribal, and territorial (SLTT) partners with recommended cybersecurity measures to reduce risks to networks and sensitive information.
The People’s Republic of China (PRC) has introduced legislation that allows the government to expand the legal basis for accessing data held by companies in China. The use of Chinese drones in critical infrastructure operations potentially threatens the security of information that may be transferred to PRC institutions. This guidance outlines the potential vulnerabilities of networks and sensitive information when these drones are operated without proper cybersecurity protocols, as well as the possible consequences.
Threats associated with Chinese drones
Chinese drones produced for critical infrastructure pose a serious threat to the national security, economic security and public health of the United States. Critical infrastructure sectors such as the energy, chemical and communications industries increasingly rely on drones for various missions to reduce operational costs and improve personnel safety. However, the use of Chinese drones carries serious risks.
The government of the People’s Republic of China has introduced legislation that allows it to access and control data stored by companies in China. This increases the risk of unauthorized access to systems and data, posing a serious threat to critical infrastructure. Therefore, it is important for organizations to use secure and U.S.-manufactured drones that minimize the negative impact on cybersecurity.
Cybersecurity recommendations
Critical infrastructure organizations should use drones designed with security in mind and manufactured by U.S. companies. The guidance offers cybersecurity recommendations that organizations should consider as part of their drone program, policies and procedures. Here are some recommendations to consider:
Secure communications
Ensure secure communications – Ensure that communications between the drone and the control system are secure and cannot be intercepted by third parties. Use wireless communication protocols that are encrypted and secure.
Up-to-date software
Maintain up-to-date software – Update drone software regularly to ensure the latest security patches and fixes. Outdated software can be vulnerable to cyberattacks.
Drone access
Secure drone access – Limit access to drones to authorized users only. Use multi-level authentication and strong passwords to prevent unauthorized use of drones.
Monitoring
Monitor and detect threats – Use monitoring tools and threat detection systems to identify potential cyberattacks and suspicious activity against drones.
Competency
Staff training – Conduct regular training for staff on cybersecurity and drone awareness. Staff knowledge is key to ensuring safe drone use.
Summary
The dangers of Chinese drones in the critical infrastructure sector are real and serious. Organizations should act with caution and consider cybersecurity recommendations to reduce the risk of unauthorized access to networks and sensitive information. The use of drones designed with security in mind and manufactured by U.S. companies is critical to protecting national security, economic security and public health. Concerted efforts to ensure the security and resilience of critical infrastructure are very important.
Want to know more? Visit CISA’s Unmanned Aircraft Systems (UAS) website.